[
https://issues.apache.org/jira/browse/TS-1668?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13872640#comment-13872640
]
ASF subversion and git services commented on TS-1668:
-----------------------------------------------------
Commit 4cf9975e9b8ff0cc5510707443da0adafbb962cb in branch refs/heads/master
from [~bcall]
[ https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=4cf9975 ]
TS-1668: Added HSTS configuration options to ATS
> Traffic Server does currently not implement HSTS
> ------------------------------------------------
>
> Key: TS-1668
> URL: https://issues.apache.org/jira/browse/TS-1668
> Project: Traffic Server
> Issue Type: Bug
> Components: Security, SSL
> Reporter: Igor Galić
> Assignee: Bryan Call
> Fix For: 4.2.0
>
> Attachments: ts1688.diff, ts1688.diff
>
>
> Apache Traffic Server can be used as Reverse Proxy as well as for {{TLS}}
> ({{SSL}}) Termination for a huge number of sites.
> As such is the ideal point to implement [HTTP Strict Transport
> security|http://tools.ietf.org/html/rfc6797].
> I propose enable administrators to globally ({{records.config}}) configure
> HSTS for all sites that offer both, HTTP and HTTPS. (This switch, if
> backported, should default to off for stable releases.)
> We should further also make it possible to disable this setting per-site
> ({{ssl_multicert.config}}).
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
